Toshiba Publishes English Edition of Cyber Security Report 2025

This page partially uses JavaScript. This page may not operate normally when these functions are not supported by your browser or the setting is disabled.

～Enhancing cyber resilience through global regulatory compliance and proactive defense against sophisticated cyber threats～

August 29, 2025

KAWASAKI—Toshiba Corporation has released the English edition of the Toshiba Group Cyber Security Report 2025, outlining its cybersecurity policies, initiatives, and activities for fiscal year 2024.

As cyber threats continue to evolve and grow more sophisticated, their scope has expanded to include control systems and industrial equipment—key components of critical social infrastructure. At the same time, ransomware attacks and data breaches have caused serious disruptions to business operations, particularly in supply chain activities. In response to these challenges, Toshiba Group is advancing a strategy built around the concept of cyber resilience, and aims to protect both its information and control systems and the products and services it provides.

Toshiba’s Concept of Cyber Resilience

The report highlights key initiatives to strengthen cyber resilience, and focuses on two main areas: compliance with product security regulations and management of attack surfaces and vulnerabilities.

Governments around the world are introducing new regulations to enhance product security. In Europe, for example, the Cyber Resilience Act, which mandates cybersecurity measures for digital products, came into effect in December 2024. Toshiba Group is meeting its requirement by proactively implementing and managing Software Bills of Materials (SBOMs), which list essential information such as program names, update history, and license details for components used in its products and services. The Group is also developing processes for SBOM generation and building systems to support their effective use.

Attack surfaces refer to all potential entry points within IT assets and network pathways that could be exploited in a cyberattack. As cloud adoption and remote work continue to expand, the number of attack surfaces is growing—increasing the risk of threats that exploit vulnerabilities such as poorly managed remote access devices. This trend underscores the importance of continuous monitoring and effective vulnerability management.

Since last year, Toshiba Group has been working to identify attack surfaces across its IT assets and assess related risks—an effort that has helped detect and address a range of vulnerabilities and strengthen overall security. Building on this foundation, the Group will continue to advance its proactive defense strategy to stay ahead of increasingly sophisticated cyber threats.

Toshiba Group remains committed to transparency and stakeholder engagement. It will continue to share detailed information on its cybersecurity policies, strategies, and specific initiatives through its website and future editions of the cybersecurity report.

■Toshiba Group Cyber Security Report 2025 is available here:
https://www.global.toshiba/ww/cybersecurity/corporate/report.html

■Toshiba Group's Cyber Security Website
https://www.global.toshiba/ww/cybersecurity/corporate.html